
Friday, March 26, 2010

Guard Against Denial-of-Service Threats in ASP.NET

An indirect way that a malicious user can compromise your application is by making it unavailable.

The malicious user can keep the application too busy to service other users, or can simply cause the application to crash. Follow these guidelines:


  • Use error handling (for example, try-catch). Include a finally block in which you release resources in case of failure.
  • Configure IIS to use process throttling, which prevents an application from using up a disproportionate amount of CPU time.
  • Check the size of user input against your limits before you use or store it.
  • Put size safeguards on database queries. For example, before you display query results in an ASP.NET Web page, be sure that the result set does not contain an unreasonable number of records.
  • Put a size limit on file uploads, if those are part of your application. You can set a limit in the Web.config file using syntax such as the following, where the maxRequestLength value is in kilobytes:
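The Web.config fragment below is an added example, not the original post's snippet. It sets the httpRuntime upload limit the bullet refers to, and it goes one step further than the post by also showing the separate IIS 7 request-filtering limit and the request timeout, because the two size limits use different units and the smaller one always wins; the specific values are illustrative choices, not recommendations for any particular application.

```xml
<?xml version="1.0"?>
<!-- Added example Web.config; values are illustrative, not the post's own. -->
<configuration>
  <system.web>
    <!-- maxRequestLength is in KILOBYTES. 4096 (4 MB) is the ASP.NET default;
         raise or lower it to match the largest upload the application
         legitimately needs. A request larger than this is rejected before the
         page code runs, so oversized bodies cannot tie up worker threads.
         executionTimeout (seconds, default 110) bounds how long a request may
         run before ASP.NET aborts it; it is enforced only when debug="false". -->
    <httpRuntime maxRequestLength="4096" executionTimeout="110" />
    <compilation debug="false" />
  </system.web>

  <!-- IIS 7 and later apply a second, independent limit in the integrated
       pipeline. maxAllowedContentLength is in BYTES (default 30000000, about
       28.6 MB). Whichever of the two limits is smaller is the effective one,
       so keep them consistent: 4096 KB = 4194304 bytes. -->
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxAllowedContentLength="4194304" />
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

A common misconfiguration is raising maxRequestLength for a large-upload page and then wondering why IIS still returns 404.13; the byte-valued requestFiltering limit was left at its default and is the one actually being hit.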



